Chapter 15
Promoting Cloud Security and Governance
In This Chapter
How using a cloud provider impacts security risks
How internal users impact security risks
Sharing the responsibility for cloud security with your cloud provider
Exploring risks of running in the cloud
Developing a secure hybrid environment
Discovering risk and maintaining your cloud security strategy
Security is first, second, and third on the list of any IT manager who’s thinking about the cloud. Whether you’re looking at creating a private cloud, leveraging a public cloud, or implementing a hybrid environment, you must have a security strategy. Security is something you can never really relax about since the state of the art is constantly evolving. Hand-in-hand with this security strategy needs to be a governance strategy — a way to ensure accountability by all parties involved in your hybrid cloud deployment.
Managing security in the cloud needs to be viewed as a shared responsibility across the organization. You can implement all the latest technical security controls and still face security risks if your end users don’t have a clear understanding of their role in keeping the cloud environment secure. Cloud services provide non-IT professionals with more control over their IT environment than ever before. As a result, the organization benefits from increased efficiency, flexibility, and productivity. However, there is also a much greater likelihood that an end user can impact security if they don’t understand the implications of their actions.
In this chapter, we examine the security risks and governance considerations for companies working in hybrid cloud environments. There is a lot to consider, and understanding security is a moving target. Ultimately, education is key to ensuring that everyone in the organization has an understanding of his or her roles and responsibilities with regard to security.